University of St. Thomas in Houston, Texas logo
Social Engineering

Social Engineering“The weakest link in the security chain is the human element.”

Social Engineering – a practice of deceiving an individual in order to obtain confidential information and often linked to malicious activities; such as phishing, identity theft or fraud. Social engineering uses trickery for information gathering or computer system access, and in most cases, the attacker never comes face-to-face with the victim. Social engineering can occur in person but, is primarily over the phone and online (e.g. phishing & pharming). If an attacker is not able to gather information from one source, he or she may contact another sources within the same organization and rely on the information from the first source to add to his or her credibility. Social engineering attacks are often successful because they exploit the human tendency to trust and the desire to be helpful.  

What should I do to protect myself from social engineering attacks?

  • Think before you act or release information.
  • Always verify an individual’s identity.
  • Always retain a degree of skepticism.
  • Challenge an individual’s credentials.
  • When in doubt, don’t hesitate to notify UST-IT Department.

Security Tip IV: Social Engineering

Protect sensitive information. Verify an individual's identity and credentials.


Take Precautions

Take precautions to secure yourself from social engineering attacks.  Ssee Social Engineering: The Basics, What is Social Engineering? and Avoiding Social Engineering Attacks for more information.  

If you have any issues or questions regarding from social engineering, please contact IT Help Desk at For additional IT security information, go to our website at